Reputation: 137
How to set path for GOOGLE_APPLICATION_CREDENTIALS in AWS Elastic Beanstalk
I have a SpringBoot project where I'm using firebase authentication, GOOGLE_APPLICATION_CREDENTIALS Environment variable set in my local machine to the path of json file that I downloaded from Google Cloud console.
But now I'm deploying app (jar) to Elastic Beanstalk but I'm not sure how to setup that path there and where to place this file?
Upvotes: 1
Views: 2262
Answers (3)
Reputation: 21
You can use the following steps if you don't want to store the credentials as part of the code base:
- Download the service account credentials JSON file from Google Cloud.
- Get encoded string from the JSON file For base64 encoding, you can use one of the online utilities or system commands to do that. For Linux and Mac, you can use base64 <<service_account_json_file>> to print the file contents as a base64-encoded string.
- On the Secrets Manager console, choose Store a new secret.
- For Secret type, select Other type of secret.
- Enter your key as credentials and the value as the base64-encoded string.
- Leave the rest of the options at their default.
- Choose Next.
- Give a name to the secret bigquery_credentials.
- Follow through the rest of the steps to store the secret.
Here is link for the complete instructions: https://aws.amazon.com/blogs/big-data/migrating-data-from-google-bigquery-to-amazon-s3-using-aws-glue-custom-connectors/
Upvotes: 2
Reputation: 137
Finally found the workaround, I placed my google credentials file (firebase-server-config.json) in spring-boot project path /src/main/resources/ and provide credentials by reading file stream.
@Primary
@Bean
public void initFirebase() throws IOException {
FirebaseOptions options = FirebaseOptions.builder().setCredentials(GoogleCredentials.fromStream(getClass().getClassLoader().getResourceAsStream("firebase-server-config.json"))).build();
if (FirebaseApp.getApps().isEmpty()) {
FirebaseApp.initializeApp(options);
}
}
pom.xml dependency
<dependency>
<groupId>com.google.firebase</groupId>
<artifactId>firebase-admin</artifactId>
<version>7.0.0</version>
</dependency>
Upvotes: 2
Reputation: 15
I guess Elastic Beanstalk still doesn't support JSON values in environment variables. Furthermore, keeping credentials in environment variables can be dangerous if another user with access to EBS can see the credentials.
There is a similar question asked and some workarounds shared here: How to config Meteor on AWS/EBS using METEOR_SETTINGS environment variable
One of the suggested ways by Amazon is storing the JSON file in an s3 bucket and downloading it from the bucket at the deployment phase with a configuration. There is a very suitable solution provided by Amazon for using an external JSON file for storing credentials to be used in EBS
Upvotes: 0
Related Questions
- How to set GOOGLE_APPLICATION_CREDENTIALS in spring boot app
- GOOGLE_APPLICATION_CREDENTIALS contents not file path
- How to store GOOGLE_APPLICATION_CREDENTIALS in an AWS ECS environment on Fargate?
- Setting GOOGLE_APPLICATION_CREDENTIALS
- Deployment issue after setting GOOGLE_APPLICATION_CREDENTIALS=[PATH]
- Set `GOOGLE_APPLICATION_CREDENTIALS` for AppEngine Flexible Environment instances
- How to deploy GOOGLE_APPLICATION_CREDENTIALS and use from Django app deployed using Elasticbeanstalk
- How to define GOOGLE_APPLICATION_CREDENTIALS?
- How to pass contents in GOOGLE_APPLICATION_CREDENTIALS rather than file path?
- Setting GOOGLE_APPLICATION_CREDENTIALS in Spring